OoTheNigerian

sometimes, I make a lot of sense.

“Security Questions” in a Facebook Age.

09 April 2011 by Oo Nwoye

In the process of registering for a Nigerian mobile payment service, Pagatech, I came across the screen below.

[Image: paga]

In the Facebook age, most of the normal security questions can be gotten from your Facebook profile. I cannot believe “Your mother’s maiden mane” is still considered a security question on Paypal and banks.

I think it is rather impressive that Pagatech has gone the extra mile to create questions that are a bit harder to answer via “Facebook research”.

The challenge with this method, though, is this: is something that is not worth Facebook creating a field for easy to remember? Most of the questions above tend to change with time, or to have different answers depending on when or how they are asked.

For example, the answer to the question “What city do you want to visit in the world” can change depending on whether I have eventually visited the city in question, or whether something occurs that makes another city more attractive.

Is there any database of “Facebook research immune” security questions available that services can tap into?

In this age, I would have expected biometric passwords (fingerprint) to have started becoming ubiquitous. Maybe utilising a fingerprint scanner or a webcam.

Maybe I am thinking ahead of myself.

 


I am a founder of Fonebase Labs, a Nigerian technology company. Our products are Fonenode, a telephony API; Callbase, a virtual contact center; and WriteRack, the best way to tweetstorm. Feel free to holla at me (ositanwoye@gmail) if need be.

9 comments | Categories: Nigeria, Technology

  • Asemota

    Now I am beginning to wonder if you are a “PagaSpy”. The reason Pagatech or others will need all these kinds of questions is because they can't get the security SIM encryption provides. That is why the network operator cannot be removed from the mobile payments game. Trying to put an operator agnostic platform in place will be a web payment platform and not mobile payments. The key to mobile security is the SIM. I wonder what the people who gave them the license were thinking. The SIM registration exercise may need biometric information for subscriber identification but the mobile transactions space is a different ball game. Each transaction should be encrypted and that is a network level function and different from web encryption.

    • “Now I am beginning to wonder if you are a “PagaSpy”.”

      I have been rooting for paga from day one. I have never hidden it. I will side with startups before incumbents any day, any time.

      “The reason Pagatech or others will need all these kinds of questions is because they can't get the security SIM encryption provides.”

      There is more than one way to skin a cat. The market will decide which is best.

      I cannot comment on other systems because they do not exist to me until I use them. In theory, jazz is the best way to transfer money. Real life differentiates jokers from the guys that are ready.

      I cannot comment on paga’s payment process until I use it. As for the rest, I cannot comment on their registration process until I register with them.

      So let the big guns do something. Until then it is all talk no action.

      Tayo the CEO is the best person to answer the specific questions you have raised.

    • Tayo

      The questions asked are for our online solution and are only one in a series of security measures we take online.

      Our service is operator agnostic and works on the most basic phone. We provide multiple channels – SMS, Online, Mobile Phone Java App, and USSD (yet to be released).

      I respectfully disagree that the security of the SIM is needed to achieve secure mobile payments. Also the CBN has got it right here with respect to operators. As a board member of Zain once told me “When the ATM came out, British Telecom did not become a bank, but they made a lot of money providing the pipes to the ATM.” In any market where you don’t have a dominant telco or bank, a third party is best positioned to provide a ubiquitous service.

      Check out an article we wrote on the topic: http://pagatech.com/news/mobile-payments-compete-or-collaborate

      Please do try Paga and let me know what you think. http://www.mypaga.com

      • Asemota

        I think the issue here is security and not ubiquity or diversity of options. While it serves no purpose to ask you to divulge all your security measures, it would be worthy to note this below:

        “a recent study by Javelin Strategy & Research found that fraud losses from mobile payments as a percentage of total revenue were 1.13% compared to the 0.83% for online-only merchants and 0.86% for multi-channel merchants”

        I am sure this percentage in Nigeria will be quite substantial if expediency and ubiquity take precedence over security.

        Every mobile payment option has its bells and whistles, but for now I will stick with proven and secure models.

  • Asemota

    11 operations live and fastest growing mobile payments scheme in the world which broke even in 3 months in Uganda and surpassed postpaid income in six months is not all talk. What is all talk is Paga.

  • Segebee

    You wrote ‘mane’ instead of ‘name’. you should fire ur editor :-). And yeah, u may be getting ahead of yourself with the biometrics suggestion 🙂

  • Keyloggers can still capture all this info. IMHO most fraud is inside jobs.
